The latest update for that ticket is an email (presumably from a Comodo employee) to the creator of that ticket (Tavis) that reads:

Hello Tavis,

Regarding the vulnerability below, we have issued a hotfix on 10th of February.

GB 4.25.380415.167 has the required fix and 90+% of existing users are updated as of now.

And subsequently the ticket itself has been marked as fixed and closed. I’m not sure what is fixed exactly—the automatic starting of the VNC server, or the vulnerability of being able to derive the password from either the Registry or the machine itself?